Published: 27/06/2018 Updated: 03/10/2019

CVSS v2 Base Score: 4.4 | Impact Score: 6.4 | Exploitability Score: 3.4

CVSS v3 Base Score: 4.9 | Impact Score: 3.4 | Exploitability Score: 1.4

VMScore: 445

Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

In arch/x86/kvm/vmx.c in the Linux kernel prior to 4.17.2, when nested virtualization is used, local attackers could cause L1 KVM guests to VMEXIT, potentially allowing privilege escalations and denial of service attacks due to lack of checking of CPL.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel
canonical ubuntu linux 18.04
canonical ubuntu linux 16.04

Several security issues were fixed in the Linux kernel ...

In arch/x86/kvm/vmxc in the Linux kernel before 4172, when nested virtualization is used, local attackers could cause L1 KVM guests to VMEXIT, potentially allowing privilege escalations and denial of service attacks due to lack of checking of CPL ...

When KVM (on Intel) virtualizes another hypervisor as L1 VM it does not verify that VMX instructions from the L1 VM (which trigger a VM exit and are emulated by L0 KVM) are coming from ring 0 For code running on bare metal or VMX root mode this is enforced by hardware However, for code running in L1, the instruction always triggers a VM exit eve ...

NVD-CWE-noinfo https://github.com/torvalds/linux/commit/727ba748e110b4de50d142edca9d6a9b7e6111d8 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.2 https://bugs.chromium.org/p/project-zero/issues/detail?id=1589 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=727ba748e110b4de50d142edca9d6a9b7e6111d8 https://www.exploit-db.com/exploits/44944/https://usn.ubuntu.com/3752-2/https://usn.ubuntu.com/3752-1/https://usn.ubuntu.com/3752-3/https://nvd.nist.gov https://usn.ubuntu.com/3752-1/https://www.exploit-db.com/exploits/44944/

CVE-2018-12904

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect